perf($auth-center): refine API parameter

api-gateway/src/main/java/com/jmsoftware/maf/apigateway/remoteapi/AuthCenterRemoteApi.java

@@ -4,7 +4,6 @@
 import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListResponse;
 import com.jmsoftware.maf.common.domain.authcenter.permission.PermissionType;
 import com.jmsoftware.maf.common.domain.authcenter.role.GetRoleListByUserIdResponse;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload;
 import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse;
 import com.jmsoftware.maf.common.domain.authcenter.user.GetUserByLoginTokenResponse;
 import org.springframework.validation.annotation.Validated;
@@ -15,6 +14,7 @@
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import java.util.List;
+import java.util.Map;
 
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 
@@ -62,9 +62,9 @@ Mono<ResponseBodyBean<GetPermissionListByRoleIdListResponse>> getPermissionListB
     /**
      * Parse mono.
      *
-     * @param payload the payload
+     * @param headers the HTTP headers
      * @return the mono
      */
-    @PostMapping("/jwt-remote-api/parse")
-    Mono<ResponseBodyBean<ParseJwtResponse>> parse(@Valid @RequestBody ParseJwtPayload payload);
+    @GetMapping("/jwt-remote-api/parse")
+    Mono<ResponseBodyBean<ParseJwtResponse>> parse(@RequestHeader Map<String, String> headers);
 }

api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/JwtReactiveServerSecurityContextRepositoryImpl.java

@@ -4,7 +4,6 @@
 import com.jmsoftware.maf.apigateway.remoteapi.AuthCenterRemoteApi;
 import com.jmsoftware.maf.apigateway.security.configuration.JwtConfiguration;
 import com.jmsoftware.maf.common.bean.ResponseBodyBean;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload;
 import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse;
 import com.jmsoftware.maf.common.domain.authcenter.security.UserPrincipal;
 import com.jmsoftware.maf.common.exception.SecurityException;
@@ -25,6 +24,7 @@
 import reactor.core.publisher.Mono;
 
 import javax.annotation.Resource;
+import java.util.HashMap;
 
 /**
  * Description: JwtReactiveServerSecurityContextRepositoryImpl
@@ -64,11 +64,10 @@ public Mono<SecurityContext> load(ServerWebExchange exchange) {
                      HttpHeaders.AUTHORIZATION, request.getMethod(), request.getURI());
             return Mono.error(new SecurityException(HttpStatus.NETWORK_AUTHENTICATION_REQUIRED, "JWT Required"));
         }
-        val jwt = authorization.replace(JwtConfiguration.TOKEN_PREFIX, "");
-        val parseJwtPayload = new ParseJwtPayload();
-        parseJwtPayload.setJwt(jwt);
+        val headers = new HashMap<String, String>(4);
+        headers.put(HttpHeaders.AUTHORIZATION, authorization);
         Mono<ParseJwtResponse> parseJwtResponseMono = authCenterRemoteApi
-                .parse(parseJwtPayload)
+                .parse(headers)
                 .map(ResponseBodyBean::getData)
                 .switchIfEmpty(Mono.error(
                         new SecurityException(HttpStatus.INTERNAL_SERVER_ERROR, "Got empty when parsing JWT")));

auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/controller/JwtRemoteApiController.java

@@ -2,19 +2,17 @@
 
 import com.jmsoftware.maf.authcenter.security.service.JwtService;
 import com.jmsoftware.maf.common.bean.ResponseBodyBean;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload;
 import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse;
 import com.jmsoftware.maf.common.exception.SecurityException;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.validation.Valid;
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * Description: JwtRemoteApiController, change description here.
@@ -31,16 +29,12 @@ public class JwtRemoteApiController {
 
     /**
      * Parse response body bean.
-     * <p>
-     * TODO: remove ParseJwtPayload, get JWT from HTTP header
      *
-     * @param payload the payload
      * @return the response body bean
-     * @throws SecurityException the security exception
      */
-    @PostMapping("/parse")
+    @GetMapping("/parse")
     @ApiOperation(value = "Parse JWT", notes = "Parse JWT (Remote API)")
-    public ResponseBodyBean<ParseJwtResponse> parse(@Valid @RequestBody ParseJwtPayload payload) throws SecurityException {
-        return ResponseBodyBean.ofSuccess(jwtService.parse(payload));
+    public ResponseBodyBean<ParseJwtResponse> parse(HttpServletRequest request) throws SecurityException {
+        return ResponseBodyBean.ofSuccess(new ParseJwtResponse().setUsername(jwtService.getUsernameFromRequest(request)));
     }
 }

auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/JwtService.java

@@ -1,15 +1,12 @@
 package com.jmsoftware.maf.authcenter.security.service;
 
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse;
 import com.jmsoftware.maf.common.exception.SecurityException;
 import io.jsonwebtoken.Claims;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.validation.annotation.Validated;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.validation.Valid;
 import java.util.Collection;
 import java.util.List;
 
@@ -86,13 +83,4 @@ String createJwt(Boolean rememberMe, Long id, String subject, List<String> roles
      * @return the jwt from request
      */
     String getJwtFromRequest(HttpServletRequest request);
-
-    /**
-     * Parse parse jwt response.
-     *
-     * @param payload the payload
-     * @return the parse jwt response
-     * @throws SecurityException the security exception
-     */
-    ParseJwtResponse parse(@Valid ParseJwtPayload payload) throws SecurityException;
 }

auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/impl/JwtServiceImpl.java

@@ -5,8 +5,6 @@
 import cn.hutool.core.util.StrUtil;
 import com.jmsoftware.maf.authcenter.security.service.JwtService;
 import com.jmsoftware.maf.authcenter.universal.configuration.JwtConfiguration;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload;
-import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse;
 import com.jmsoftware.maf.common.domain.authcenter.security.UserPrincipal;
 import com.jmsoftware.maf.common.exception.SecurityException;
 import io.jsonwebtoken.*;
@@ -24,7 +22,6 @@
 import javax.annotation.PostConstruct;
 import javax.crypto.SecretKey;
 import javax.servlet.http.HttpServletRequest;
-import javax.validation.Valid;
 import java.nio.charset.StandardCharsets;
 import java.util.Collection;
 import java.util.Date;
@@ -158,12 +155,4 @@ public String getJwtFromRequest(HttpServletRequest request) {
         }
         return null;
     }
-
-    @Override
-    public ParseJwtResponse parse(@Valid ParseJwtPayload payload) throws SecurityException {
-        String usernameFromJwt = this.getUsernameFromJwt(payload.getJwt());
-        ParseJwtResponse response = new ParseJwtResponse();
-        response.setUsername(usernameFromJwt);
-        return response;
-    }
 }

common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtResponse.java

@@ -1,13 +1,15 @@
 package com.jmsoftware.maf.common.domain.authcenter.security;
 
 import lombok.Data;
+import lombok.experimental.Accessors;
 
 /**
  * Description: ParseJwtResponse, change description here.
  *
  * @author 钟俊（zhongjun）, email: zhongjun@toguide.cn, date: 12/29/2020 11:09 AM
  **/
 @Data
+@Accessors(chain = true)
 public class ParseJwtResponse {
     private String username;
 }